CVE-2019-17542
author Debian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>
Thu, 5 Dec 2019 16:27:00 +0000 (16:27 +0000)
committer Sylvain Beucler <beuc@debian.org>
Thu, 5 Dec 2019 16:27:00 +0000 (16:27 +0000)
From 02f909dc24b1f05cfbba75077c7707b905e63cd2 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Fri, 26 Jul 2019 00:35:32 +0200
Subject: [PATCH] avcodec/vqavideo: Set video size

Fixes: out of array access
Fixes: 15919/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VQA_fuzzer-5657368257363968
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Gbp-Pq: Name CVE-2019-17542.patch

libavcodec/vqavideo.c

index 86f2fcfbcdc37c40620f3923600935d0b278fca6..998228d329ee15106833095ba9ea77b610e5bff9 100644 (file)
@@ -147,7 +147,7 @@ static av_cold int vqa_decode_init(AVCodecContext *avctx)
     }
     s->width = AV_RL16(&s->avctx->extradata[6]);
     s->height = AV_RL16(&s->avctx->extradata[8]);
-    if ((ret = av_image_check_size(s->width, s->height, 0, avctx)) < 0) {
+    if ((ret = ff_set_dimensions(avctx, s->width, s->height)) < 0) {
         s->width= s->height= 0;
         return ret;
     }
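
Review bot: The changed line in vqa_decode_init swaps a size check for a call that sets the size on avctx, but neither the commit message nor the code says why checking alone led to the out of array access, so a short comment above `ff_set_dimensions(avctx, s->width, s->height)` would help. It should state that the dimensions parsed from extradata[6] and extradata[8] must also become the codec context's dimensions, so that a later edit does not revert to a check-only call. The error path still clears only the private copy with `s->width= s->height= 0;`. It is worth confirming that avctx is not left holding the rejected values when ret < 0, since nothing in this hunk resets them. The 16-bit reads at offsets 6 and 8 also rely on an extradata length check that lies outside the visible context, so please confirm that the block closed by the `}` at the top of the hunk covers it.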